Now in our third year, we had a logo developed. An updated website is coming soon.
We are looking for sponsors for our second annual Three Rivers Information Security Symposium. Last year’s symposium, our inaugural event, was a huge success with nearly 200 attendees and 11 sponsors. We expect over 300 attendees this year and hope you will be interested in sponsoring this event. We know that your sponsorship will assist you in getting your message or product in front of Pittsburgh’s security professionals. We have outlined the sponsorship levels below. Our intention with the levels is to give companies several options that are both affordable and provide avenues to get in front of our attendees. In our event we have separated the speakers and sponsorships. Although we do not want the speakers to be selling product, it can be a great opportunity to highlight your area of expertise on any of a number of security topics.
Last year’s event attracted titles such as CIO, CISO, CTO, Director of Information Security, Manager of IT, Security/Data/Network Analyst, Owner and President from some of the largest companies in Pittsburgh such as U.S. Steel, PNC, PPG, Wesco, Dick’s Sporting Goods, UPMC, Dollar Bank, Bayer, Highmark, Giant Eagle, Federated, Mylan and Wabtec.
We expect this year’s symposium to be bigger and better than last year. You can review last year’s presentation and speakers. http://www.threeriversinfosec.com/2016speakers/
Please contact the TRISS Planning Committee (firstname.lastname@example.org) to become a sponsor for 2017 or for more information on sponsoring.
Background: The Three Rivers Information Security Symposium is a one-day conference, aimed at increasing awareness, interaction and knowledge in the Greater Pittsburgh information security community. Local security groups and partners hosting the symposium include InfraGard Pittsburgh, ISSA Pittsburgh and Pittsburgh OWASP. There will be Presentations, Roundtable and Hands-On workshops on a variety of information security topics throughout the day. The intent is to appeal to a wide range of attendees including network and application security, software developers, software quality engineers, computer science professionals and students.
Last year was an unqualified success and shows the Pittsburgh region is hungry for information security collaboration and community. This year we aim to increase our attendance to over 300 attendees. Attendees come from a wide variety of companies and organizations within the greater Pittsburgh area, from consultants to small businesses and multinational corporations, covering finance, government, healthcare, manufacturing and information technology.
Gold – Event Sponsor*
A Gold Sponsorship will cost $5,000
Silver – Session Sponsor*
A Silver Sponsorship will cost $2,500 per breakout session; limited to one sponsor per breakout session.
Bronze – Standard Sponsorship*
A Bronze Sponsorship will cost $1,500 with a maximum of 15 tables.
Rules or event restrictions
* No more than 2 company logos can be displayed per sponsorship table
The Three Rivers Information Security Symposium is pleased to announce a Call for Conference Papers and Call for Interactive Sessions for the 2017 Three Rivers Information Security Symposium on October 20, 2017, in conjunction with Cyber Security Awareness Month. This is the second of what is planned to be an annual Symposium. This year’s event will be hosted at DoubleTree – Monroeville Convention Center.
The Three Rivers Information Security Symposium is a one-day conference, aimed at increasing awareness, interaction and knowledge in the Greater Pittsburgh information security community. There will be presentations, round-table and hands-on workshops on a variety of information security topics throughout the day. The intent is to appeal to all levels of security professionals including those working in network and application security, software development, software quality engineers, computer science professionals and students. All presentations and interactive sessions are NOT to be a sales or product demonstration. There are many excellent products and services offered by vendors in the security arena, but we are vendor neutral.
Local security groups hosting the symposium include InfraGard Pittsburgh, ISSA and OWASP. We are planning for over 300 attendees this year.
Three Rivers Information Security Symposium presentations should focus on various areas of information security relevant to our local community. We encourage speakers at all levels of experience to present papers to achieve the conference goals. Topics from last year’s symposium include:
The range of topics to present can cover secure coding techniques, insider threat, cloud, cryptography, cyber warfare, emerging threats, ethical hacking, forensics, ediscovery, incident response, intrusion detection, malware and reverse engineering, mobile, policy and governance, physical security, privacy and anonymity, security and risk, security education and awareness, secure programming, and security tools and techniques. Presentations should focus on various areas of information security, including the technical and social aspects. You are encouraged to combine and integrate these topics or come up with your own topic. English language only presentations.
Please submit your Conference Paper topic by August 22, 2017, and include the following details:
Send submissions to email@example.com
Subject Line: TRISS 2017 presentation submission
We listened! Based on your feedback, we are adding interactive learning to the symposium. This can be in the form of demonstrations, hands-on workshops and classic training.
The range of topics can cover secure coding techniques, insider threat, cloud, cryptography, cyber warfare, emerging threats, ethical hacking, forensics, ediscovery, incident response, intrusion detection, malware and reverse engineering, mobile, policy and governance, physical security, privacy and anonymity, security and risk, security education and awareness, secure programming, and security tools and techniques.
Training sessions should focus on various areas of information security, including the technical and social aspects. You are encouraged to combine and integrate these topics or come up with your own topic. English language only please.
These Interactive learning sessions will be in a separate space.
Please submit your training topic by August 22, 2017, and include the following details:
Send submissions to firstname.lastname@example.org
Subject Line: TRISS 2017 interactive submission
The inaugural Three Rivers Information Security Symposium will be held on Friday, October 28, 2016. In conjunction with Cyber Security Awareness Month, TRISS will be held at Robert Morris University from 8:00 am to 3:30 pm.
The evolution of the security program at Highmark Health is unquestionably a long-term undertaking, but in the course of the past couple years, the security organization has managed to address compliance, awareness, metrics, organizational culture and much more. But Highmark CISO Omar Khawaja recognizes that the betterment of a security posture — and the work of a security leader — is never done. Join this session to learn about the risks and advantages of taking an agile approach to security, and the challenges and opportunities for Highmark that wait just down the road.
Ethical Intruder has been performing Ethical Hacking evaluations for seven years and typically we find that the same issues come up at almost every organization regardless of size or the maturity of their security program.
The first impression you provide to a company performing a penetration test is very similar to the impression that a hacker would have when they are investigating if you are a good target for them to mount a deeper more sustained attack. So if a company can change that first impression, they may divert the attention of the pen tester or hacker and decrease their overall threatscape.
The core issues we see at local charitable non-profits up to Fortune 50 health care providers can be addressed fairly easily by following some basic guidelines and without having to buy new tools or spending extended amounts of time or money to achieve this more secure impression.
The talk topic will cover several steps by which an organization can quickly change that first impression and make the hacker look maybe the other way. Stop focusing on the next tool or log when instead you can focus your teams’ perspective and behaviors to think like a hacker when they are protecting your core assets. The talk will cover a range of targets from external networks, web applications, internal networks, and physical corporate office spaces.
Mobile phones have become ubiquitous within our society, and many would now consider them a necessity rather than a convenience. We are living in a world where people are staying connected via mobile technology more than ever before. Technology which was once only found on desktop computers can now be carried in the palm of our hands. The number of mobile devices, at the end of 2015, exceeded 7.9 billion users. This noticeable constant connection to our mobile devices is bringing to the forefront an area of concern in regard to security. The majority of vulnerabilities are caused by user error and lack of understanding and training of the implications associated with using a mobile device. In order to protect our mobile devices, it is imperative that end users and can answer the following questions among others. What security mechanisms do we have in place to deal with mobile security threats? What are the biggest risks associated with mobile devices? How secure are the mobile apps? In order to be able to address the risk factors associated with mobile malware, it is imperative to first understand the threats. Mobile devices are becoming a new target to gain user information, as mobile device security has not kept up with traditional computer security. Cyber criminals are beginning to attack mobile devices due to the lack of security measures in place. Such information includes email accounts, phone numbers, calendar information, network or login credentials, confidential notes or files, and contact lists to name a few. Mobile devices can be used on both secure and unsecure environments.
Cyber security has evolved through four major generations, and the recent DNC and NSA hacks are indicative that a fifth generation is now emerging. This presentation will discuss some of the challenges, advantages and pitfalls of fifth generation cyber security, including:
This presentation is designed to be a primer for IT Security Professionals. The speakers will first discuss one accepted model of the life cycle of data: create, grant access, process, analyze, preserve, re-use, and destroy. The speakers will then discuss how litigation and e-discovery impact the different stages of that life cycle, including the duty to preserve, when the duty to preserve arises, security concerns over the preservation and production of data during discovery, and basic tips to ensure compliance with litigation-related mandates. They will also discuss the application of the CIA triad to litigation and e-discovery.
Let’s face it, security is hard! Part of the reason why it’s hard is because sometimes we don’t address security concerns early enough in the development process, if at all. Identifying and prioritizing security gaps in a design can be mitigated through the use of threat modeling and risk analysis. In this talk I will show you how to use the OWASP Top 10, STRIDE threat modeling and OCTAVE Allegro risk analysis to generate meaningful design changes that will have a major impact on the security of your application or system.
I am a very active member of the hacker community and through that I have built not only a strong career but a very impressive list of friends which I can rely on for personal and professional help. I feel very strongly that being actively involved in security outside of normal work hours is critical to launching a successful career in infosec. This is especially important for students who are trying to differentiate themselves from all the others in their graduating class to get not just high paying jobs but meaningful careers in their chosen field.
The first Three Rivers Information Security Symposium will be held on Friday, October 28, 2016. In conjunction with Cyber Security Awareness Month, TRISS will be held at Robert Morris University from 8:30 am to 3:30 pm.
There will be two keynote speakers and sessions on a variety of information security topics throughout the day. The list of speakers and topics will be announced following a Call for Presentations. Breakfast and lunch will be provided with attendees limited to 160.
We received twenty-one submissions. Thank you to everyone for submitting; unfortunately, there is not enough time to select them all. From those, two keynotes and five presentations were selected. One presentation slot was added by adding thirty minutes to the symposium. The tentative schedule:

| Session | Speaker(s) | Title |
|---|---|---|
| Key Note | Omar Khawaja | ZERO TO 60 – Transforming Security Program |
| Presentation 1 | David Kane | Penetration test preparation that focuses your team to think like a hacker |
| Presentation 2 | Mike Joyce, Kevin Wiggins | How Litigation and E-Discovery Interrupt the Life Cycle of Data |
| Key Note 2 | Ray Watson | Fifth Generation CyberDefenses: Can We Win an Unfair Fight? |
| Presentation 3 | John Weingartner, Sarah Pfabe, Brendan Adams | Mobile Security Threats: How Safe Is Our Data? |
| Presentation 4 | Matt Trevors | Threat Modeling and Risk Analysis for Developers and Testers |
| Presentation 5 | Rick Farina | Get Involved – InfoSec Careers |